ATM Heist Snares Cybercrime Czar

Jay Decenella, IT audit expert

September 05, 2011 /

As if to show an utter disrespect to the chair of the Justice Department’s Cybercrime Subcommittee, “skimmers” have successfully stolen $1,000 from U.S. Attorney Jenny Durkan of Seattle in the latest of a growing ATM robbery cases.

Skimmers are ATM thieves that put up a magnetic device on Automated Teller Machines to steal highly confidential information from ATM cards, noted security researcher Brian Krebs who shared his firsthand account of the crime on December 2010.

Durkan confirmed that she was robbed of $1,000 after cyber criminals stole her debit card information through “skimming” devices mounted to the ATM so it appeared as if it belonged to the machine.

With the GSM-based mobile theft that evolved from a wireless-based device, skimmers can now gain access to card data inserted into cash machines and duplicate it for fraudulent uses, which could happen in a matter of minutes and in real-time, Krebs said.

“When it happens to you, you really feel victimized and you think, ‘Boy, I wish I’d been smarter that time,’” Durkan said.

Recently, the Illinois Bankers Association (IBA) urged the public to be wary of nearby strangers or “good Samaritans” that offer to help them, particularly when an ATM “eats” their card.

“They could be trying to obtain your card and PIN. Also be wary of ‘shoulder surfing’ where the person behind you is close enough to read the information you enter into the machine,” IBA said in a statement.

To think that a cybercrime czar like Durkan has fallen prey to the criminals’ trap is something that should alert the public of how sophisticated skimming has become.

Durkan said: “The thieves are very clever. What they’ve done is created devices they just slip over ATM machines, gas station machines, anywhere that takes a credit card.”

That is so because skimmers have added the GSM-enabled device, making the mobile theft easier and faster that even before the police could arrive at the crime scene to remove it, the card data has already been transferred to the skimmer together with the potential amount that could be cashed in from the ATM.

What’s worse, police authorities arrested or even suspected nobody in relation to the crime, an even more alarming scenario for the future of online security.

Durkan urged ATM users to inspect the machine carefully for any parts that may be loose, indicating that somebody may have tampered the machine. She further alerted the public to signs, speakers or mirrors that could hide a hidden camera, or anything else that seem suspicious and out of place.